Cannot ping my VLAN CARP IP Address
I have set up a new pfSense failover cluster using version 2.1.5. Both pfSense boxes have a LAN connection, two WAN interfaces and a SYNC interface dedicated to synchronization between them.
I have set up CARP IP address for LAN (10.30.0.254), WAN1 and WAN2 and it seems to work correctly. New rules, users … are synchronized with the backup pfSense. If I switch off the master, the backup one become master and all is working properly.
But I have a problem if I try to ping the LAN CARP address or acesses the webGUI (https://10.30.0.254), from a computer connected to LAN with LAN carp address as gateway it fails, whereas the computer can access with no problem the internet.
Another strange behavior is that this pfSense cluster is connected through a VPN IPSec tunnel to other sites and I can ping or access webGui to 10.30.0.254 from remote sites without any problem !!!
Any idea of what is causing this behavior?
I have been searching for a while but I did not manage to find the trick. The pfSense failover cluster is the only router of the site, there are only switches between the cluster and computers.
My Virtual IP configuration are the following:
If I try, from a computer with CARP LAN address as Gateway, to ping my CARP LAN address it fails, if I try to do a tracert it also fails after 30 hops:
Really I suppose that the problem is on the site LAN side because this computer can correctly access internet or remote resources behind VPN IPSec tunnel !!!
Do you think it can be a problem with the switches between computers and pfSense cluster, do I have to enable promiscuous mode on those switches ?
Thanks in advance
I would check that your firewall rules should allow the ping of course, but then try failing over (disable carp on primary to force a transfer) - pings might start working then - if so, you might be seeing the same problem secgeek and I are noticing.